CERTVU:243670Wireshark DECT dissector vulnerability
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.5%
Overview
Wireshark’s DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file.
Description
Paul Makowski’s report states:
/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to memcpy() whose length is controlled by the attacker. Absent exploit mitigations independant of Wireshark’s default build options, an attacker is able to execute arbitrary code in the context of the user running a packet capture. On *NIX systems, such capability is frequently reserved for the root user. The overflowable buffer is pkt_bfield.Data.
Impact
An attacker may cause any active capture or .pcap dissection to crash Wireshark/tshark. Remote code execution is also possible.
Solution
Apply an Update
Upgrade to Wireshark 1.4.5. Several other security related fixes are also included in this version.
Vendor Information
243670
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Wireshark Affected
Updated: April 18, 2011
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- <http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html>
- <http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html>
- <http://www.wireshark.org/download.html>
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.wireshark.org/lists/wireshark-announce/201104/msg00002.html>
- <http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html>
- <http://www.wireshark.org/download.html>
- <http://blog.ring0.me/2012/01/wireshark-14x-145-cve-2011-1591.html>
Acknowledgements
Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | None |
|---|---|
| Severity Metric: | 0.09 Date Public: |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.5%